Security Requirements Engineering (SRE) Framework for Cyber-Physical Systems (CPS): SRE for CPS

Security is an important feature of the software. Integrating security requirements right at the beginning not only ensure secure software but also save a lot of precious time and reduce the effort of rework of software development team. However, to build a secure system is not an easy task and it is extremely difficult to develop a secure system, especially in the case of cyber-physical systems (CPS). In this paper, we propose a security requirements engineering framework that provides ways to determine security requirements throughout the requirements engineering phase which consists of a number of activities to elicit and finalize the security requirements for CPS. Additionally, we determine the activities that need to be implemented in the security requirements engineering framework to address security requirements for CPS. We compare our proposed security requirements engineering framework with other existing software security frameworks. The result shows that not all software security frameworks perform all the basic and important activities in the development of secure software systems. This may also result in a development of an unsecure cyber-physical systems. Furthermore, this comparison survey helps us to identify the short-comings in SRE frameworks which has been rectified in our proposed security requirements engineering framework for CPS.